Method and apparatus for accommodating duplicate mac addresses

ABSTRACT

Each access node is associated with one or more IP subnets with a preferred default subnet. Each subnet is instantiated as a unique virtual Ethernet broadcast domain. As client nodes register on the communication network, they will dynamically try to obtain an IP address for use on the communication network. As part of this process, the MAC address of the client node will be checked to ensure that it is not a duplicate of another MAC address associated with another client node that has already been assigned an IP address from the default subnet. When duplicate MAC addresses are detected, the device with the duplicate MAC address will be assigned an IP address from a different subnet so that more than one client device with the same MAC address are not associated with the same subnet.

RELATED APPLICATION

This application is a continuation of co-pending U.S. patent applicationSer. No. 12/429,210, filed on Apr. 24, 2009, entitled METHOD ANDAPPARATUS FOR ACCOMMODATING DUPLICATE MAC ADDRESSES, which is herebyincorporated herein by reference in its entirety.

TECHNICAL FIELD

The present invention relates to communication networks, and, moreparticularly, to a method and apparatus for accommodating duplicate MACaddresses on a communication network.

BACKGROUND

Data communication networks may include various computers, servers,nodes, routers, switches, bridges, hubs, proxies, and other networkdevices coupled to and configured to pass data to one another. Thesedevices will be referred to herein as “network elements.” Data iscommunicated through the data communication network by passing protocoldata units, such as Internet Protocol packets, Ethernet Frames, datacells, segments, or other logical associations of bits/bytes of data,between the network elements by utilizing one or more communicationlinks between the network elements. A particular protocol data unit maybe handled by multiple network elements and cross multiple communicationlinks as it travels between its source and its destination over thenetwork.

The various network elements on the communication network communicatewith each other using predefined sets of rules, referred to herein asprotocols. Different protocols are used to govern different aspects ofthe communication, such as how signals should be formed for transmissionbetween network elements, various aspects of what the protocol dataunits should look like, how protocol data units should be handled orrouted through the network by the network elements, and how informationsuch as routing information should be exchanged between the networkelements.

Ethernet is a well known networking protocol that has been defined bythe Institute of Electrical and Electronics Engineers (IEEE) asstandards 802.1 and 802.3. Conventionally, Ethernet has been used toimplement networks in enterprises such as businesses and campuses, andother technologies have been used to transport network traffic overlonger distances. As the Ethernet standards have evolved over time,Ethernet has become more viable as a long distance transport technologyas well.

FIG. 6 shows several fields that have been added to the Ethernetstandard over time. As shown in FIG. 6, the original Ethernet frameformat specified by IEEE 802.1 includes a source address (C-SA) and adestination address (C-DA). IEEE 802.1Q added a Customer VLAN tag(C-Tag) which includes an Ethertype, Tag Control Information (TCI)information, and customer VLAN ID (C-VID). IEEE 802.1ad added a providerVLAN tag (S-Tag), which also includes an Ethertype, TCI information, andsubscriber VLAN ID. The C-Tag allows the customer to specify a VLAN,while the S-Tag allows the service provider to specify a VLAN on theservice provider's network for the frame.

The Ethernet standard has evolved to also allow for a secondencapsulation process to take place as specified in IEEE 802.1ah.Specifically, an ingress network element to a service provider's networkmay encapsulate the original Ethernet frame with an outer MAC headerincluding a destination address on the service provider's network(B-DA), a source address on the service provider's network (B-SA), aVLAN ID (B-VID) and a service instance tag (I-SID). The combination ofthe customer MAC addresses (C-SA and C-DA) and the I-SID are commonlyreferred to as the I-Tag.

The Ethernet Media Access Control (MAC) address forms part of theEthernet header. In a given broadcast domain such as an Ethernet LAN,each MAC address is required to be unique and identifies a particularnetworking entity so that frames can be unambiguously forwarded to thatparticular entity.

The MAC addressing scheme is designed to enable the MAC addresses to beglobally unique. Specifically, the IEEE specifies a numbering scheme inwhich universally administered addresses are assigned to particulardevices by the manufacturer when the devices are created. In the IEEEnumbering scheme, the first two bits are set aside for local/multicastframe indication, and the remainder of the first three octets of the MACaddress are referred to as the Organizationally Unique Identifier (OUI),and identify the manufacturer. An OUI code-point is assigned by the IEEEto a manufacturer as needed. The last three bytes are assigned by themanufacturer to the devices as they are created and burned into thedevices so that each device created by that manufacturer will have aunique MAC address.

In general, manufacturers have adhered to this numbering scheme tocreate devices that have globally unique permanent MAC addresses.However, unfortunately, not every manufacturer has adhered to thisconvention. Thus, devices with duplicate MAC addresses are starting toappear. This is problematic for normal bridging, which “learns” theforwarding path to a given MAC address by bridges that receive a frameeach observing and storing the port of arrival for traffic from that MACaddress, and hence if multiple identical addresses appear in a bridgeddomain, the frame forwarding for a given MAC address will always go tothe most recent source of a frame with that MAC address as source.

Typically, duplicate MAC addresses is more a problem with low costconsumer appliances than it is with very expensive network routers,etc., that are deployed within a service provider's network. When suchlow cost appliances are networked via a broadband access network thatpreserves the Ethernet frame content, duplicate addresses can become aproblem and interfere with the correct operation of the network.Accordingly, one way that has been proposed to handle the possibility ofduplicate MAC addresses appearing on a broadcast domain is to performMAC Network Address Translation (NAT) in the access node where thecustomer devices connect to the service provider's network. This processenables any duplicate MAC address to be translated to a carrieradministered globally unique value so that duplicate addresses do notappear within the service provider's network.

Unfortunately, MAC NAT is not trivial. Particularly in IPv6, where theMAC address becomes part of the IP address, performing MAC NAT iscomplex. Additionally, keeping the MAC NAT functionality in the accessnode up to date, which includes the awareness of new protocols, mayrequire significant maintenance and ongoing software development.Accordingly, it would be desirable to provide another way to accommodateduplicate MAC addresses in a communication network.

SUMMARY

Each access node is associated with one or more IP subnets with apreferred default subnet. Each subnet is instantiated as a uniquevirtual Ethernet broadcast domain. As client nodes register on thecommunication network, they will dynamically try to obtain an IP addressfor use on the communication network. As part of this process, the MACaddress of the client node will be checked to ensure that it is not aduplicate of another MAC address associated with another client nodethat has already been assigned an IP address from the default subnet.When duplicate MAC addresses are detected, the device with the duplicateMAC address will be assigned an IP address from a different subnet sothat more than one client device with the same MAC address are notassociated with the same subnet. In one embodiment, a DHCP server mayimplement the process of checking for duplicate MAC addresses. In anEthernet context, different IP subnet prefixes may be mapped todifferent S-VID values so that the different subnets are implemented asdifferent VLANs within the Ethernet network.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present invention are pointed out with particularity inthe appended claims. The present invention is illustrated by way ofexample in the following drawings in which like references indicatesimilar elements. The following drawings disclose various embodiments ofthe present invention for purposes of illustration only and are notintended to limit the scope of the invention. For purposes of clarity,not every component may be labeled in every figure. In the figures:

FIGS. 1-4 are functional block diagrams of a communication networkshowing the dynamic assignment of devices with duplicate MAC addressesto different subnets according to an embodiment of the invention;

FIG. 5 is a flow diagram of a process that may be used to enableduplicate MAC addresses to be accommodated according to an embodiment ofthe invention;

FIG. 6 is a functional block diagram of an Ethernet frame format; and

FIG. 7 is a functional block diagram of a DHCP server that may be usedto detect duplicate MAC addresses and assign IP addresses from differentsubnets to accommodate duplicate MAC addresses on a communicationnetwork according to an embodiment of the invention.

DETAILED DESCRIPTION

MAC addresses are required to be unique within a subnet so that traffictransmitted within the subnet can unambiguously be transmitted toparticular nodes. In one embodiment, as client nodes connect to thecommunication network, they will register to obtain an IP address foruse on the communication network. As part of this process, the MACaddress of the client node will be checked to ensure that it is not aduplicate of another MAC address associated with another client nodethat has already been assigned an IP address for a particular subnet.When duplicate MAC addresses are detected, the device with the duplicateMAC address will be assigned an IP address from a different subnet sothat more than one client device with the same MAC address is notassociated with the same subnet. In one embodiment, a centralizedaddress server (typically a DHCP server) may implement the process ofchecking for duplicate MAC addresses. In an Ethernet context, differentIP subnet prefixes may be mapped to different S-VID values (IEEE 802.1ad) or I-SID values (IEEE 802.1ah) so that the different subnets areimplemented as different VLANs within the Ethernet network.

Although an embodiment of the invention will be described with referenceto an example where the duplicate MAC addresses appear on client nodes,the invention is not limited in this manner as duplicate MAC addressesmay appear at other locations on the network. Thus, the techniquesdescribed herein may be extended to apply in other regions of thenetwork as well.

FIG. 1 shows an example communication network 10, including access nodes12, client nodes 14, and a gateway Broadband Remote Access Server(BRAS), also known in the industry as a Broadband Network Gateway (BNG),16. The network 10 may include intermediate nodes interconnecting theaccess nodes 12 and the BRAS 16. For simplicity, the particular mannerin which the devices are physically connected is not shown and ratheronly logical connections 18 between these devices have been shown.

In an access network it is common for an access provider to scale thesolution by having multiple customers share a common S-VID and subnetprefix and employing bridging techniques for multiplexing/demultiplexingtraffic between customers and the BRAS. This minimizes S-VID consumptionand IP address fragmentation respectively. There is also a requirementthat customers do not have layer 2 reachability of each other within thescope of an S-VID such that the BNG can be the primarily policy agentfor connectivity. This requires access nodes and, potentiallyaggregation nodes to implement split horizon forwarding.

Although it is possible for “well behaved” clients to observe that theyare not unique when they can see neighbor traffic, and possibly takecorrective action, we need to consider that clients cannot see eachother, and we need to assume the presence of potentially maliciousclients. Hence a solution that does not require the cooperation of anynetwork attached customer equipment is required.

If the network interconnecting the access nodes and the BRAS is anEthernet network, traffic on the Ethernet network may be separated intoseparate VLANs by using different S-VIDs (for an Ethernet networkimplemented using 802.1ad) or different I-SIDs (for an Ethernet networkimplemented using 802.1ah). This means that the layer 3 subnets arevirtualized at the Ethernet layer. Common practice is to tie thisvirtualization to specific facilities (e.g. an S-VID per individualaccess node) but this is not a requirement. The result is Hub-and-Spokeconnectivity between the BRAS and the access nodes.

Each of the subnets will form a particular broadcast domain.Accordingly, it is important that each of the client devices 14 within agiven subnet has a unique MAC address. In the example shown in FIG. 1,the client devices that are connected to access node 2 and access node 3meet this criteria, and hence all of the client nodes connected toaccess node 2 may be assigned to subnet 2, and similarly all of theclient connected to access node 3 may be included in subnet 3.

However, access node 1 has two client nodes that have the same MACaddress. Specifically, in the example shown in FIG. 1, both client nodesthat connect to access node 1 have the same MAC address=A. Rather thanperform MAC NAT on one of the client nodes or simply deny service,according to an embodiment of the invention one of the nodes is assignedto a different subnet (subnet 4). This enables each subnet to have adiscrete set of unique MAC addresses. By assigning the client node witha duplicate MAC address to a separate subnet, each subnet will have atmost one instance of a particular MAC address. By using a differentVLANs for each subnet, the traffic at the Ethernet layer may beunambiguously forwarded so that the duplicate MAC addresses are notproblematic within the communication network.

FIGS. 2-4 show several additional examples of how client nodes withduplicate MAC addresses may be assigned to subnets other than theprimary subnet associated with their respective access node. Inparticular, in FIG. 2, all three of the illustrated access nodes includea pair of client nodes having duplicate MAC addresses. Specifically,access node 1 has a pair of client nodes with MAC address=A, access node2 has a pair of client nodes with MAC address=B, and access node 3 has apair of client nodes with MAC address=C. Rather than assigning aseparate subnet for each of the duplicate pairs, the client devices withduplicate MAC addresses may be assigned IP addresses from a commonsubnet, so that all of the client nodes with duplicate MAC addresses maybe assigned to this duplicate subnet (subnet 4).

FIG. 3 shows another example in which each of the access nodes has apair of client nodes with duplicate MAC addresses. However, in thisinstance, access node 2 has three client nodes that all have the sameduplicate MAC address. Accordingly, two additional subnets are requiredto accommodate these three nodes—subnet 4 and subnet 5. The other clientnodes with duplicate MAC addresses may be assigned to one of thesesubnets as shown in FIG. 3.

FIG. 4 shows yet another example of how client nodes with duplicate MACaddresses may occur on the network. In this example, more than one ofthe access nodes has a pair of client nodes that have the same duplicateMAC address. Specifically, both access node 1 and access node 2 have apair of client nodes that has MAC address=A. The subnet assigned to eachof these access nodes can accommodate one client node with MACaddress=A. Similarly, each duplicate address subnet can accommodate atmost one client node with MAC address=A. Accordingly, multiple duplicateaddress subnets (e.g. subnet 4 and subnet 5) should be used toaccommodate these multiple client nodes.

To enable traffic on different subnets to be broadcast within theEthernet domain, a different S-VID or other VLAN identifier may beassigned to each subnet. The BRAS and access nodes may be programmed toassociate prefixes from different subnets with these VLAN tags so thattraffic addressed to a particular subnet is correctly tagged fortransport on the Ethernet network.

In each of FIGS. 1-4, the communication network includes a Dynamic HostConfiguration Protocol (DHCP) server 20. DHCP servers are commonly usedto assign Internet Protocol addresses on a communication network.According to an embodiment of the invention, the DHCP server maintains atable that tracks the MAC addresses currently with address leases on agiven subnet along with the associated facility ID. When a new lease isrequested, the DHCP server checks, as part of the IP address assignmentprocess, whether the MAC address associated with an IP address requestis a duplicate in the IP subnet currently associated with the facility(e.g. DSL loop). If the DHCP server detects a duplicate MAC address onthe current subnet for the access facility it will not assign a MACaddress to the client device from that subnet, but rather will assign anIP address to the client node with the duplicate MAC address from adifferent subnet pool which will have the effect of changing the currentsubnet associated with that facility. This is made possible by the factthat it is common practice for access nodes to add access facilityinformation, identifying the individual client, to DHCP addressrequests, so that genuine duplicates (appearing on more than onefacility simultaneously) can be distinguished from lack ofsynchronization of state machines between a client and the DHCP server.

Although implementation of duplicate MAC address checking may beconveniently performed in the DHCP server, the invention is not limitedto an embodiment that implements this process in the DHCP server. Forexample, the access nodes may be provided with a range of S-VIDs andclient devices may be assigned to a subnet (S-VID) before obtaining anIP address from the DHCP server. In this embodiment the access nodes maycheck for duplicate MAC addresses and assign client devices to differentsubnets as necessary to prevent two client devices with the same MACaddress from being assigned to the same subnet. Alternatively numerousother centralized address administration systems exist (e.g. RADIUSbased) that could similarly perform the required function.

In one embodiment, the DHCP server preferentially performs subnetassignment for a given request on the basis of both location, andwhether the MAC address already exists on the default sub-network. Useof a DHCP server is advantageous since it is a central facility and cantherefore coordinate subnets that span multiple access nodes. The DHCPserver, in this embodiment, will have a default subnet associated witheach access facility from which to assign IP addresses. This allows theDHCP server to assign IP addresses out of the subnet assigned to theaccess node or client port during the normal course of events, when theMAC address associated with the DHCP request is unique within the accessnode. The DHCP server will also assign IP addresses out of other subnetsfor duplicate MAC addresses to prevent more than one instance of aparticular MAC address to be assigned to a given subnet.

The access node, in one embodiment, does not keep track of the MACaddresses or know that more than one of its attached client nodes hasduplicate MAC addresses. The access node does implement a DHCP relayagent such that it will have opportunity to inspect/modify DHCPtransactions as they flow between the client and the server. When theaccess node receives an offered IP address, the access node will inferthe correct VLAN tagging (or IEEE 802.1ah I-SID tagging) to use for thesubscriber client node based on the subnet prefix offered by the DHCPserver.

FIG. 5 shows an example process that may be used to enable the DHCPserver to accommodate duplicate MAC addresses within the communicationnetwork. Specifically, in the process shown in FIG. 5, when a clientnode connects to the access node it will send a DHCP request to the DHCPserver to request assignment of an IP address for use on the network(100). In the preferred embodiment, the access node is required toimplement a DHCP relay function, and the access node receives the DHCPrequest, it will insert DHCP relay agent information (option 82) intothe DHCP packets (102) to provide the DHCP server with information aboutthe facility the DHCP client is connected to, typically a port ID or DSLloop identifier. When DHCP Option 82 is enabled at the access node, theaccess node will insert this information into the DHCP packets as theypass through the switch on their way to the DHCP server.

When the DHCP server receives the DHCP request, it will determine thecurrent subnet associated with the facility and perform a search to lookfor duplicate MAC address in the set of leases already existing for thatsubnet (104). Specifically, the DHCP server will look to determine ifthe MAC address of the client node is unique within a subnet assigned tothe access node (106). If the MAC address is unique, the DHCP serverwill assign the device an IP address lease from pool of unused addressesfor the subnet and update its tables accordingly (108). If the MACaddress is not unique, the DHCP server will assign the facility toanother subnet where that MAC address is unique and allocate an IPaddress lease to the client node from pool of unused addresses for thatsubnet.

The DHCP server has a default subnet associated with all facilities oneach access node, so that the DHCP server will generally assign IPaddresses out of the subnet for the access node when the client nodesattaching to the network do not have duplicate MAC addresses. An exampleDHCP server is shown in FIG. 7. As shown in FIG. 7, the DHCP servercontains one or more instances of a DHCP process 70 that is configuredto assign IP addresses on the network. The DHCP server 20 includes atable 72 containing associations between access nodes and assignedsubnets. When the DHCP server 20 receives a DHCP request, it will readthe Option 82 information provided by the access node in the request todetermine the associated subnet from table 72.

As shown in FIG. 7, the DHCP server also has one or more tables 74 thatthe DHCP server can use to store MAC addresses associated with eachaccess node and subnet. The tables 74 may be implemented as a singletable for each subnet, for each access node, or may be implemented suchthat a given table covers more than one subnet or access node. The DHCPserver may also include another table mapping IP prefixes to particularaccess nodes, optionally in preference order, so that the DHCP servercan allocate an IP address out of the correct subnet for the servedaccess nodes. The MAC tables enable the DHCP server to track what MACaddresses are in what subnet. Subnet allocation policy may be originallybased on facility ID prior to duplicates being detected, and retainingfacility ID/MAC binding helps ensure that there are actually genuineduplicate MAC addresses and that the DHCP server is not simply seeingduplicate DHCP requests from the same access node. The retained facilityID/MAC binding allows duplicate DHCP requests from the same facility tobe identified and filtered out. In this embodiment, the DHCP server willuse the option 82 information to determine the subnet, and then performa lookup to determine whether the MAC address of the requesting deviceis a duplicate of any other MAC address already assigned an IP addressfrom the subnet. Performing a lookup on a per-subnet basis enables thesubnet to span across multiple access nodes.

When the DHCP server receives a request from an access node, it will usethe tables 74 to determine if the associated MAC address is unique forthe current subnet associated with the facility. If the MAC address isunique, the DHCP server will allocate an address from the current subnetfor the facility and send the IP address back to the client node. If theMAC address is not unique, the DHCP server will find a subnet where theMAC address is unique and allocate an address from the different subnetwhere the MAC address is unique. If there is not an available subnet, ameans of communicating denial of service will be used. This could be areserved address which instructed the access node to block the port. Anexample would be the IPv4 127./8 non-routable prefix.

To enable traffic associated with the MAC address to be mapped to thecorrect subnet, the access nodes and gateway BRAS are bothpre-programmed with a table associating IP prefix with VLAN IDs. In anEthernet network implemented using IEEE 802.1ad the VLAN IDs may beimplemented using S-VIDs. Where the Ethernet network is implementedusing IEEE 802.1ah, other VLAN IDs may be used as well, such as theI-SID. Thus, the particular VLAN ID may depend on the particularimplementation of the Ethernet network being used to carry trafficbetween the BRAS and the access nodes.

Assuming the Ethernet network is implemented using IEEE 802.1ad, theDHCP relay function in the access node will read the prefix from theDHCP response and use this to infer the S-VID from the VLAN ID/prefixtable. This S-VID will then be associated with the client port so thattraffic received from the client can be correctly tagged fortransmission on the network.

When downstream traffic received at the access node is tagged with theS-VID or I-SID, the access node can either broadcast the traffic on anyport associated with that S-VID/I-SID, or the access node can perform aMAC lookup to determine which output port to use to forward the trafficto the correct client node. Since each client device is represented by aunique MAC within the subnet, tagging each subnet with a different VLANID (e.g. S-VID) enables the access node to perform a MAC lookup andunambiguously determine the correct output port, even where more thanone client node with the same MAC address has attached to the sameaccess node.

If an access node has not registered interest in the S-VID or I_SIDassociated with a facility, or does not have a-priori pre-provisionedconnectivity, it may have to use registration techniques such as GenericAttribute Registration Protocol (GARP) or Multiple Registration Protocol(MRP) to add the access node to the subnet. MRP is specified in IEEE802.1ak-2007. Other ways of registering interest in an S-VID may beimplemented as well.

When all the leases associated with a given option 82 identifiedfacility (e.g. customer facing port) expire, the subsequent assignmentof IP addresses may revert back to the default subnet associated withthe facility. This enables subnet fragmentation to be reduced bycollecting MAC addresses back to the default subnet assigned to theoption 82 facility where there is no longer a duplicate MAC addressissue. The goal is not to make correcting duplicates permanent as theequipment deployed by the client may change over time.

If a duplicate MAC appears and requests a lease on a facility thatalready has a lease on the default subnet initiated by an earlierregistration, the DHCP server is required to consider the set of MACaddresses associated with the facility when determining which subnet toassign, the set requiring uniqueness within the assigned subnet. Inaddition the DHCP server will issue a DHCP-FORCE-RENEW for the existinglease in order to force the current leaseholder to reapply, so that atthe time that the new registration transactions are received, thecurrent subnet associated with the facility can be reselected to be onewhere the set of MAC addresses associated with the facility will beunique.

Although it is desirable to avoid permanent binding of a facility with aduplicate MAC to a non-default subnet, the use of DHCP-FORCE-RENEWrepresents a service disruption to the leaseholder. The impact of thiscan be minimized by making the binding “sticky”, and associating afacility with a non-default subnet for a programmable period, reset eachtime duplication with a MAC on the default subnet is detected, afterwhich the association is aged out.

The functions described above may be implemented as a set of programinstructions that are stored in a computer readable memory and executedon one or more processors on the computer platform. However, it will beapparent to a skilled artisan that all logic described herein can beembodied using discrete components, integrated circuitry such as anApplication Specific Integrated Circuit (ASIC), programmable logic usedin conjunction with a programmable logic device such as a FieldProgrammable Gate Array (FPGA) or microprocessor, a state machine, orany other device including any combination thereof. Programmable logiccan be fixed temporarily or permanently in a tangible medium such as aread-only memory chip, a computer memory, a disk, or other storagemedium. All such embodiments are intended to fall within the scope ofthe present invention.

It should be understood that various changes and modifications of theembodiments shown in the drawings and described in the specification maybe made within the spirit and scope of the present invention.Accordingly, it is intended that all matter contained in the abovedescription and shown in the accompanying drawings be interpreted in anillustrative and not in a limiting sense. The invention is limited onlyas defined in the following claims and the equivalents thereto.

1. A method of allocating Internet Protocol (IP) addresses to clientdevices, the method comprising: receiving requests for IP addresses fora plurality of client devices, each client device being associated witha respective Media Access Control (MAC) address and with a respectivefacility having a respective default subnet; and allocating respectiveIP addresses to the client devices based, at least in part, on therespective MAC addresses of the client devices, the allocated IPaddresses for some of the client devices being associated with therespective default subnets of the facilities with which the some of theclient devices are associated, and the allocated IP addresses for othersof the client devices being associated with subnets different from therespective default subnets of the facilities with which the others ofthe client devices are associated.
 2. The method of claim 1, whereinclient devices having a same MAC address are allocated respective IPaddresses associated with different subnets.
 3. The method of claim 2,wherein allocating the respective IP addresses comprises, when theclient devices having the same MAC address are associated with a samefacility, allocating to one of the client devices having the same MACaddress an IP address associated with a default subnet of the samefacility and allocating to each other client device having the same MACaddress an IP address associated with a respective subnet different fromthe default subnet of the same facility.
 4. The method of claim 1,wherein allocating the respective IP addresses comprises: for a clientdevice for which an IP address has been requested, the client devicebeing associated with a respective MAC address and a respectivefacility, determining whether another client device associated with asame MAC address and a same facility has currently been allocated an IPaddress associated with a default subnet of the same facility; and whenanother client device associated with the same MAC address and the samefacility has currently been allocated an IP address associated with thedefault subnet of the same facility, allocating an IP address associatedwith a subnet other than the default subnet of the same facility to theclient device for which the IP address has been requested.
 5. The methodof claim 4 wherein allocating the respective IP addresses comprises,when another client device associated with the same MAC address and thesame facility has not currently been allocated an IP address associatedwith the default subnet of the same facility, allocating an IP addressassociated with the default subnet of the same facility to the clientdevice for which an IP address has been requested.
 6. The method ofclaim 1, wherein the requests for the IP addresses are received and theIP addresses are allocated by a centralized server.
 7. The method ofclaim 6, wherein the centralized server is a dynamic host configurationprotocol (DHCP) server.
 8. The method of claim 1, wherein each facilityis associated with a respective access node.
 9. The method of claim 8,wherein the each facility connects to the respective access node via arespective physical or virtual port of the respective access node. 10.The method of claim 8, wherein each respective access node supportsmultiple facilities.
 11. A network element for allocating InternetProtocol (IP) addresses to client devices, the network elementcomprising: at least one communication interface configured to receiverequests for IP addresses for client devices, each client device beingassociated with a respective Media Access Control (MAC) address and witha respective facility having a respective default subnet; and at leastone IP address allocation element configured to allocate respective IPaddresses to the client devices, the allocated IP addresses for some ofthe client devices being associated with the respective default subnetsof the facilities with which the some of the client devices areassociated, and the allocated IP addresses for others of the clientdevices being associated with subnets different from the respectivedefault subnets of the facilities with which the others of the clientdevices are associated.
 12. The network element of claim 11, wherein theat least one IP address allocation element is configured to allocate toclient devices having a same MAC address respective IP addressesassociated with different subnets.
 13. The network element of claim 12,wherein the at least one IP address allocation element is configured toallocate respective IP addresses by, when client devices having the sameMAC address are associated with a same facility, allocating to one ofthe client devices having the same MAC address an IP address associatedwith a default subnet of the same facility and allocating to each otherclient device having the same MAC address an IP address associated witha respective subnet different from the default subnet of the samefacility.
 14. The network element of claim 11, wherein the at least oneIP address allocation element is configured to allocate respective IPaddresses by: for a client device for which an IP address has beenrequested, the client device being associated with a respective MACaddress and a respective facility, determining whether another clientdevice associated with a same MAC address and a same facility hascurrently been allocated an IP address associated with a default subnetof the same facility; and when another client device associated with thesame MAC address and the same facility has currently been allocated anIP address associated with the default subnet of the same facility,allocating an IP address associated with a default subnet other than thedefault subnet of the same facility to the client device for which theIP address has been requested.
 15. The network element of claim 14,wherein the at least one IP address allocation element is configured toallocate respective IP addresses by, when another client deviceassociated with the same MAC address and the same facility has notcurrently been allocated an IP address associated with the defaultsubnet of the same facility, allocating an IP address associated withthe default subnet of the same facility to the client device for whichan IP address has been requested.
 16. The network element of claim 11,implemented in a centralized server.
 17. The network element of claim16, implemented in a dynamic host configuration protocol (DHCP) server.18. The network element of claim 17, wherein the at least one IP addressallocation element runs at least one DHCP process.
 19. The networkelement of claim 17, comprising a table containing associations betweenfacilities and subnets assigned to the facilities.
 20. The networkelement of claim 17, comprising at least one table configured toassociate MAC addresses with respective facilities and subnets.